! ABSTRACT:
This module implements the DCL command SET AUDIT. 
! ENVIRONMENT:
VAX/VMS operating system, user and kernel mode
! AUTHOR: Gerry Smith 29-Jun-1983
! Modified by:
V03-007 DAS0001 David Solomon 09-Jul-1984
Fix truncation errors; make nonexternal cote" LONG_RELATIVE. 
V03-006 RSH0104 R. Scott Hanna 17-Feb-1984
Fix field test 1 problems, comment out journaling code
and make changes due to new layout of $NSAEVTDEF.

V03-005 RSH0101 Scott Hanna 05-Feb-1984
Temporarily disable SET AUDIT.

V03-004 MKL0208 Mary Kay Lyons 30-Nov-1983
Change ITMLST in $CRENWV call to LSTADR.

ADDRESSING_MODE (EXTERNAL = GENERAL, NONEXTERNAL = LONG_RELATIVE)

v03-003 GAS0176 Gerry Smith 30-Au up 9 
Add more comments. Also remove some of the k eal that 
were necessary to make journal calls work. 


V03-002 GAS0173 Gerry Smith 6-Aug-1983
Remove reference to (now) non-existent literal. sigh...

V03-001 Gerry Smith 24-Aug-1983
Remove reference to mailbox and terminal I/O, add
interactive and remote login/out.
! Include files
LIBRARY 'SYS$LIBRARY:LIB';

Define some flag bits. 


MACRO
    v_enable = 0 %,
    v_disable = 1 %,

; v_alarm = gf. 

; vjournal = 5%, 

    v_log = 4 %,
    v_new = 5 %;

LITERAL 
num_sys_events = 
num_loginout_events = 
num_loginout_types =
num_file_events = 
num_access_types = 
arm$m_all = 


nsa$m_evt_log_all = 


6 
! VAX/VMS common definitions


THE FIRST TWO BIT POSITIONS MUST NOT CHANGE. 


' 
i /ALA 
i 


/NEW_VERSION 


arm$m_control OR 
arm$m_delete OR 
arm$m_execute OR 
arm$m_read OR
arm$m_write, 


nsa$m_evt_log_bat OR 
nsa$m_evt_log_det OR 
nsa$m_evt_log_dia OR 
nsa$m_evt_log_loc OR 
nsa$m_evt_log_net OR 
nsa$m_evt_log_rem OR 
nsa$m_evt_log_sub; 
! Declare some storage for tables

OWN
    option_string : VECTOR[2]                       ! ASCII storage for qualifiers
        INITIAL(%ASCID 'ENABLE',
                %ASCID 'DISABLE'),

    sys_events : VECTOR[num_sys_events]             ! System events
        INITIAL(%ASCID '.ACL',
                %ASCID '.AUTHORIZATION',
                %ASCID '.MOUNT'),

    sys_bits : VECTOR[num_sys_events]               ! System event bit masks
        INITIAL(nsa$m_evt_acl,
                nsa$m_evt_uaf,
                nsa$m_evt_mount),

! Loginout_events must be in the same order as the corresponding bytes in $NSAEVTDEF

    loginout_events : VECTOR[num_loginout_events]   ! Loginout events
        INITIAL(%ASCID '.BREAKIN',
                %ASCID '.LOGIN',
                %ASCID '.LOGFAILURE',
                %ASCID '.LOGOUT'),

    loginout_types : VECTOR[num_loginout_types]     ! Types of login/logout
        INITIAL(%ASCID '.ALL',
                %ASCID '.DETACHED',
                %ASCID '.DIALUP',
                %ASCID '.LOCAL',
                %ASCID '.NETWORK',
                %ASCID '.REMOTE',
                %ASCID '.BATCH',
                %ASCID '.SUBPROCESS'),

    loginout_bits : VECTOR[num_loginout_types]      ! Loginout bit masks
        INITIAL(nsa$m_evt_log_all,
                nsa$m_evt_log_det,
                nsa$m_evt_log_dia,
                nsa$m_evt_log_loc,
                nsa$m_evt_log_net,
                nsa$m_evt_log_rem,
                nsa$m_evt_log_bat,
                nsa$m_evt_log_sub),

! file_events must be in the same order as the corresponding longwords in $NSAEVTDEF

    file_events : VECTOR[num_file_events]           ! File access events
        INITIAL(%ASCID '.FAILURE',
                %ASCID '.SUCCESS',
                %ASCID '.SYSPRV',
                %ASCID '.BYPASS',
                %ASCID '.UPGRADE',
                %ASCID '.DOWNGRADE',
                %ASCID '.GRPPRV',
                %ASCID '.READALL'),

    access_types : VECTOR[num_access_types]         ! File access types
        INITIAL(%ASCID '.ALL',
                %ASCID '.CONTROL',
                %ASCID '.DELETE',
                %ASCID '.EXECUTE',
                %ASCID '.READ',
                %ASCID '.WRITE'),

    access_bits : VECTOR[num_access_types]          ! File access bit masks
        INITIAL(arm$m_all,
                arm$m_control,
                arm$m_delete,
                arm$m_execute,
                arm$m_read,
                arm$m_write);
[CLIUTL.SRC]SETAUDIT.B32;1

!
! Table of contents
!
FORWARD ROUTINE
    set$audit : NOVALUE,        ! Main module of SET AUDIT
    get_values : NOVALUE,       ! Parse ENABLE/DISABLE list
    set_bits : NOVALUE;         ! Set alarm/journal bits
!    start_journal,             ! Start a journal
!    new_version,               ! Make a new version of the journal file
!    create_journal;            ! Create a new journal

!
! External routines
!
EXTERNAL ROUTINE
    str$concat,                 ! Make a string
    cli$get_value,              ! Get value from CLI
    cli$present;                ! See if qualifier is present

!
! Declare literals defined elsewhere
!
!EXTERNAL LITERAL
!    set$_jnlaccerr,            ! Error accessing journal
!    set$_jnlerr,               ! Error creating journal
!    set$_newjnl,               ! Journal successfully created
!    set$_jnlsysdev,            ! Using SYS$SYSDEVICE for journal
!    set$_vrsnerr,              ! Error creating new version
!    set$_newvrsn;              ! New version created

!
! Declare the shared messages
!
!$SHR_MSGDEF (SET, 119, LOCAL,
!            (syntax, error));

!
! Declare some cells in the exec
!
EXTERNAL
    ctl$gq_procpriv : $BBLOCK,
!    nsa$gr_journvec,
    nsa$gr_alarmvec;



SETAUDIT 16-Sep-1984 00:41:27 VAX-11 Bliss-32 V4.0-74

GLOBAL ROUTINE set$audit : NOVALUE =
BEGIN
!++
! Functional description
!
!       This is the routine for the SET AUDIT command.  It is called
!       from the SET command processor, and enables/disables security
!       alarms and security journals, for various event classes.  In
!       addition, a new journal file may be created.
!
! Inputs
!       None
!
! Outputs
!       None
!--

LOCAL
    status,
!    chan : WORD,
    arglist : VECTOR[3],
    mask : VECTOR[2*nsa$k_evt_length,BYTE],     ! Enable/disable flags
!    disk : $BBLOCK[dsc$c_s_bln],               ! Journal device name
    flags : BITVECTOR[8]                        ! Flags to tell what we're doing
            INITIAL(BYTE(0));

!
! See if the user has the SECURITY privilege.
!
IF NOT .ctl$gq_procpriv[prv$v_security]
THEN
    BEGIN
    SIGNAL(ss$_nosecurity);
    RETURN;
    END;

!
! See if logging is required.  Also check for /ALARM or /JOURNAL
!
!IF cli$present(%ASCID 'LOG')
!THEN flags[v_log] = 1;
!IF cli$present(%ASCID 'ALARM')
!THEN flags[v_alarm] = 1;
!IF cli$present(%ASCID 'JOURNAL')
!THEN flags[v_journal] = 1;
!IF cli$present(%ASCID 'NEW_VERSION')
!THEN flags[v_new] = 1;
!$init_dyndesc (disk);
!cli$get_value(%ASCID 'DEVICE_NAME', disk);

!
! See if anything is to be enabled or disabled.
!
CH$FILL(0, %ALLOCATION(mask), mask);            ! Zero the masks
INCR i FROM 0 TO 1 DO                           ! Loop thru, once for enable,
                                                ! once for disable
    IF cli$present(.option_string[.i])          ! If something to do,
    THEN
        BEGIN
        flags[.i] = 1;                          ! set a bit saying so, and
        get_values(.option_string[.i],          ! call routine to put new values
                   mask[.i*nsa$k_evt_length]);  ! in the appropriate mask.
        END;

!
! If something is supposed to be enabled/disabled, go do it.
!
!IF .flags[v_enable]                            ! See why ENABLE and
!OR .flags[v_disable]                           ! DISABLE are first in the
!THEN                                           ! bit list?
    BEGIN                                       ! If anything is
    arglist[0] = 2;                             ! to be set/cleared
    arglist[1] = mask;                          ! up the argument list
    arglist[2] = flags;                         ! and call the routine
    $CMKRNL(ROUTIN = set_bits, ARGLST = arglist);       ! to do the bit tweaking.
    END;

!
! If /JOURNAL, then start/create the journal.
!


HIF NOT fiagstv. journal) H if not a journal, 

' Leave. 
IF NOT (. (.flagsly enable) ! If not either 
= “ape flags€v_new)) enabl ing or new_version, 
iarglist ca 1; . "! Otherwise set up the 
rarglistCt } ument List and 


poteeun = SCMEXEC (ROUTIN = start gjournal:! weet the routine to 
ARGLST = arglisf ! start the journal. 


! If there was an error trying to start the journal, tell the
! user and attempt to create a new one.


i1F NOT .status 


' THEN 
: BEGIN 
: SIGIAL Coots Wire, 0, } Error eying to start journal 
' and her 
: att ots. Inisysdew): ' and that a try on SYSSSYSDEVICE 
arglist 
i orati ist = = than: 
: satisett = disk 
i status = CMEXEC (ROUTIN = create_journal, 
ARGLST = arglist);


! If we can't create a journal on SYS$SYSDEVICE, give up.


if NOT .stat 
HEN SIGNAL (set ainterr. 0, 


status 
ELSE IF tags styles 9 
he SIGNAL (set$ new nl); 


! If /NEW_VERSION was requested, try that.
!IF .flags[v_new]



statu Shi tin = new version, 
» ARGLST = arglist); 


NOT .status 
THEN SIGNAL sets gugenerr. 0, 
fl 


tu 
( 
ELSE IF . re t log] 
IGNAL (set$— “aeverenli 


        .TITLE  SETAUDIT
        .IDENT  \V04-000\

        .PSECT  $PLIT$,NOWRT,NOEXE,2
rr I 12698 mre 
»ADD 


it \BiSABLEN<O> 


ADDR RESS P 
SASCI \PAUTHORI ZATION\<0><0> 


-LONG A sg A 
eADDRES 


“ASCII T\<0><0> 
~LONG ‘i sou 
-ADDRESS P.AAJ 


46E 49 468 41 45 00054 P.AAL: .ASCII \ N\
: SAAK: LONG 17654728 
00 00 4& 49 47 AAN: ASC * Reine 
AAR: 7 


- LONG 
R 


ADD ss'P 
00 45 52 55 4C 49 41 46 47 AAP: “AStHi ybgeearunenco> 


2¢ 


‘ . AO: 
' < DDR 
00 54 SS 4F 47 4 wAAR: CA 8ci press \ T\<0> 
0090 P:AAG: :LONG si Beous 
4¢ 0098 P.AAT: ASCH $5 Faas 
009C P.AAS: “LONG ‘aie 
00 00 00 464 45 48 43 41 564 «AAV: = ASCII 1gBpupggePncorcorce 
AAU: ON RESS 
00 50 55 4C 41 AAX: “ASCII \P5 ALUP\<0> 
AAW: of Oe vii Ws 


00 00 4c 41 43 AAZ: "AgtliS ‘\ OCALA<O><0> 
AAY: “is p72 


00 00 48 43 54 eABF: .ASCII \ BA! Su) <0><0> 
tees OORESS PeABF® 
00 53 53 45 43 4F 52 50 42 .ABH: ASCII \ SUBPROCESS\<0> 
14 P.ABG: .LONG 1769473 
18 -ADDRESS P.ABH 
45 52 55 4C 49 1C P.ABJ: ASCII \ FAILURE 
4 P.ABIL: .LONG 17694728 
8 -ADDRESS P.ABJ 
53 53 45 43 43 C P.ABL: ASCII \ SUCCESS\ 
SABK : -LONG ALS ty 
00 56 52 50 53 C P.ABN: -ASCII \ se YSBR \<0> 
t3 ABM: .LONG ss'b re9472 
00 53 53 41 50 4C P.ABP: ADDRESS, esha 
-ABO: .LONG 
8 ADDR ss\P 
45 464 41 52 47 wABR: <ASCI die 
~ABQ: ApRESS PAB 1? 
00 00 45 44 41 52 47 4E 57 .ABT: .ASCI RADE \<0><0> 
§ .ABS: LONG v;powmer 
“ADDRESS P. 
00 56 52 50 50 -ABV: ASCII \ \ ,GRPPRY\<O> 
ABU: 
C ONRESS. P. ABV 


190 P.ABX: ASCII \,READALL\ 
198 P.ABW: LONG 17050045 
1%5 P.ABZ Acct oS ee 
1A4 P.ABY: <LONG 17ebk}2« 
is P.ACB Age tT \ CORTR L\ 
186 P.ACA: .LONG 1789a758 
ibe P.ACD AeetT N BELET \<0> 
ifs P.ACC: .LONG 17854555 
if8 P.ACF: tees Penge TE\ 
ibe P-ACE: LONG 175 355$8 
108 -ADDRESS P.ACF 
1DC P.ACH: <ASCII \ READ\<0><0><0> 
1E4 P.ACG: LONG 17694725 
168 ‘ADDRESS P.ACH 
1EC P.ACJ: ASCII \.WRITE\<0><0> 
174 P.ACI: LONG 17694726 
18 -ADDRESS P.ACJ 


        .PSECT  $OWN$,NOEXE,2

00000 OPTION_STRING:
        .ADDRESS P.AAA, P.AAC
00008 SYS_EVENTS:
        .ADDRESS P.AAE, P.AAG, P.AAI
00014 SYS_BITS: 1. 6.2 


.LONG 
00020 LOGINOUT_EVENTS:
        .ADDRESS P.AAK, P.AAM, P.AAO, P.AAQ
00030 LOGINOUT_TYPES:
        .ADDRESS P.AAS, P.AAU, P.AAW, P.AAY, P.ABA, -
00044            P.ABC, P.ABE, P.ABG
00050 LOGINOUT_BITS:
        .LONG   127, 64, 2, 4, 16, 8, 1, 32
00070 FILE_EVENTS:
        .ADDRESS P.ABI, P.ABK, P.ABM, P.ABO, P.ABQ, -
00088            P.ABS, P.ABU, P.ABW
00090 ACCESS_TYPES:
        .ADDRESS P.ABY, P.ACA, P.ACC, P.ACE, P.ACG, P.ACI
000A8 ACCESS_BITS:
        .LONG   31, 16, 8, 4, 1, 2

        .EXTRN  STR$CONCAT, CLI$GET_VALUE
        .EXTRN  CLI$PRESENT, CTL$GQ_PROCPRIV
        .EXTRN  NSA$GR_ALARMVEC
        .EXTRN  SYS$CMKRNL


        .PSECT  $CODE$,NOWRT,2

        .ENTRY  SET$AUDIT, Save R2,R3,R4,R5,R6
        MOVAB   OPTION_STRING, R6
        MOVAB   -96(SP), SP
        CLRB    FLAGS
0 s r) $60, PROCPRIV+4, 1$
2934 rf RP MOVZWL +6568 
000000006 1 FS cA tS #1, LI6$SI situm 
0050 =F 00 6E - 00 $e MOVCS #0, (SP), #0, #80, MASK 
ud Be Sth, deri srenng 
000000006 00 F CALL opm 
16 : BLBC 
90 6 BESS "FLAGS 
MULL3 high} ko” 
«ate aur nee 
v EE F CALLS » GET 
D9 F AOBLEQ a. a oy" 
4 AE 2 MOVL @# i 
8 AE 06 AE 9E MOVAB MASK, ARGLIST+4 
C AE 6E 9E MOVAB FLAGS, ARGLIST+8 
54 AE OOF PUSHAB RGLIST 
00000000v ai oF PUSHAB eT a 
000000006 00 2 FB CALLS #2, SYSSCAKRNL 


; Routine Size: 116 bytes, Routine Base: $CODE$ + 0000
INCR i FROM 0 TO num_sys_events-1 DO
    str$concat(desc, .option, .sys_events[.i]);
    IF .all OR cli$present(desc) THEN sys = .sys OR .sys_bits[.i];

!
! Loginout events
!
INCR i FROM 0 TO num_loginout_events-1 DO
    str$concat(desc, .option, .loginout_events[.i]);
    IF .all OR cli$present(desc)
    THEN

ROUTINE get_values (option, mask) : NOVALUE =

; 2 ieee 

; 7 Sivgn an ASCII Gonce loter and a set of masks, dye iphor the 

; 7 : ned Me into an audit class, ond set the appropriate bits in the 

4 ; os 

! Inputs:
!       mask - address of mask
!       option - address of ASCII descriptor
!
! Outputs:
!       mask - will have a bit set.
!--
MAP
    mask : REF $BBLOCK;                 ! The mask is a byte block
; 0 38 BIND Lecete stuff within the mask: 
3 94 ys. = mocktnee?t. evt_sy e simple system bits, 
3 95 inout = mask(fs asb.. ed *logb] : VECTORE4 pire). ! at inout bits 

: 38 @_access = per nsa$l_evt_ failure : VECTO i File access vector 
LOCAL
    all : BYTE INITIAL (0),
    file_all : BYTE INITIAL (0),
    string : $BBLOCK[dsc$c_s_bln],
    desc : $BBLOCK[dsc$c_s_bln];

$init_dyndesc (desc);                   ! Get a couple of
$init_dyndesc (string);                 ! dynamic descriptors

str$concat(desc, .option, %ASCID '.ALL');
IF cli$present(desc) THEN all = 1;

!
! system events
!

INCR j FROM 0 TO num_loginout_types-1 DO

F (.4 EQLU 0) og 5 EQLU 6) THEN EXITLOOP; 

str$concat(desc, .option, .loginout_events[.i], .loginout_types[.j]);
IF .all OR cli$present(desc)
THEN loginout[.i] = .loginout[.i] OR .loginout_bits[.j];
END;
loginout[0] = .loginout[0] AND NOT (nsa$m_evt_log_bat OR nsa$m_evt_log_sub);

!
! file access events
!
str$concat(desc, .option, %ASCID '.FILE_ACCESS', %ASCID '.ALL');
IF cli$present(desc) THEN file_all = 1;
INCR i FROM 0 TO num_file_events-1 DO
    BEGIN
    str$concat(desc, .option, %ASCID '.FILE_ACCESS', .file_events[.i]);
    IF .all OR .file_all OR cli$present(desc)
    THEN
        BEGIN
        INCR j FROM 0 TO num_access_types-1 DO
            BEGIN
            str$concat(desc, .option, %ASCID '.FILE_ACCESS', .file_events[.i], .access_types[.j]);
            IF .all OR .file_all OR cli$present(desc)
            THEN file_access[.i] = .file_access[.i] OR .access_bits[.j];
            END;
        IF .file_access[.i] EQLU 0 THEN file_access[.i] = .access_bits[0];
        END;
    END;

! Upgrade and downgrade not implemented yet so make sure that ALL has not
rne 


Hts: ~Steesstsd = 0: 


zZo2 rer tr 


-PSECT SPLITS,NOWRT ,NOEXE ,2 


4c 4C 41 QIFC P-ACL: ASCII \.ALL\ : 

01060004 P.ACK HONG: «176887 724 : 

53 53 45 43 43 41 SF 45 4C “ox on6t 08 BACH: ASCH ibdsbgeress ; 
4c 4¢ st Ie P.ACP: TASCI int 

91060004 PIACO: “LONG 17604224 : 

0060000 4 -ADDRESS P.ACP ; 


00000 GET_VALUES: 
WORD 
ASCII VsE ELS AACCESSS 


R 
“ASCII \.FILE_ACCESS\ 
~LONG 17694539 
SADDRESS P.ACT 


SCODES ,NOWRT ,2 
q ASAT ASAD RIO .A1T 


#ile, 
#4, MASK, R4 
#8, MASK, R5 
ALL 


D + 
#34471936, STRING 
STRING+4 

P.ACK 

OPTION, R6 

R6 

ogee 

#3, STRSCONCAT 
#1, CLISPRESENT 
RO; 1S 

"a. ALL 
SYS_EVENTSCI] 


DESC 

#3, STRSCONCAT 
ALL, 3$ 

#1, CLISPRESENT 
ev ait 1], @MASK 
#2,°1, sf F 
LOGINOUT _EVENTSCI] 
Desc 

#3, STRSCONCAT 
ALL, 6$ 


i, } [SPRESENT 


f 


0372 


06 9A CMPL #6 ; 
; °} 90 BEQL ifs : 
10 A942 DD OOO9F 8S PUSHL LOGINOUT_TYPESC J] + 0433 
6943 OD 000A PUSHL  LOGINOUT“EVENTSL1J : 
56 BD PUSHL R6 : 
Oc AE OF PUSHAB DESC ; 
6A 4 Fe AB CALLS #4, STRSCONCAT : 
8 8 £ BLES ALL, 9$ + 0434 
; DD 0008 PUSHL  $P ; 
6 FB B CALLS fi. CLISPRESENT ; 
30 aged De Bs 9$ PUSHAL LOGINOUT erTstyJ + 0436 
6344 Hs BD BISB2. a(SP)+, TIDCR : 
D1 28 F C1 10$:  AOBLEQ #7, J, 7$ + 0430 
BS 3 F C5 11$: AOBLEQ 43 1. 5$ + 0424 
1 gh 00¢9 BICB2 #33, (Rd) + 0440 
00000000" EF 9F 000C PUSHAB P.AC + 0446 
00000000" FE 9F 0000 PUSHAB P.A ; 
6 0D 900 PUSHL : 
OC AE 9F OOODA PUSHAB DESC ; 
5A 04 FB OO0DD CALLS #4, STRSCONCAT : 
E DD 000E0 PUSHL SP + 0447 
ee 01 FB OOEe CALLS #1, CLISPRESENT : 
0 0 £9 O0E BLBC = RO, «128 : 
57 o1 0 00068 MOVE #1. FILE_ALL : 
9 nots be ooces 188; pues ILE evenrscz3 : be? 
00000000° EF oF OOF 1 PUSHAB P.ACG : 
6 DD 000F7 PUSHL : 
OC AE 9F 000F9 PUSHAB DESC ; 
6A . @ OOF CALLS #4, STRSCONCAT ; 
0B : E8 OOOFF BLBS ALL, 14$ + 0452 
08 E 919 BLBS  FILE_ALL, 14$ : 
SE DD 001 PUSHL SP F 
68 1 Fe 010 CALLS #1, CLISPRESENT F 
C E9 OO10A BLEC =E_—s«aRO.-«18$ F 
D4 0010D 14$:  CLRL + 0455 
i ASeg BB anite U8: piste MESeGLEELY be 
00000000' EF oF ott? PUSHAB P.A : 
6 pp 11D PUSHL : 
10 AE F OOT1F PUSH DESC : 
6A FB 001 CALLS #5, STRSCONCAT F 
ws Q £8 001 BLES ALL, 16$ : 0458 
E8 001 BLBS FILE_ALL, 168 : 
E DD 00128 PUSHL SP : 
F CALLS #1, CLISPRESENT ; 
6542 0088 ¢943 C8 001 168: BISL2 acess _aj1s(v2. (RS)CI) : 460 
D1 53 F3 0013A 17$: AOBLEQ # : $ 3 0455 
65 p 1 TSTL  (R5)E8) + 0462 
654 0088 b6 0014 SNL ACCESS BITS. ¢RSCII : 
AO $3 § F3 00149 18$:  AOBLEQ + AS " + 0449 
10 AS 7C 140 CLRO. —-: 16 ¢r5$ 3 469 
04 0015 RET : 0471 


ROUTINE set_bits (mask, flags) : NOVALUE =
BEGIN
!++
! Reset the bits for either security alarms, or security journaling.
!
! Inputs:
!       mask - address of vector of bits to enable and disable
!       flags - address of flags (alarm, journal)
!
! Outputs:
!       None.  The auditing bits are set.
!--
MAP
    mask : REF VECTOR[,BYTE],
    flags : REF BITVECTOR;

BIND
enab = woes : VECTORC BYTE), : 
    disab = mask[nsa$k_evt_length] : VECTOR[,BYTE];

LOCAL
    bits : REF VECTOR[,BYTE];

!
! Determine whether to modify the journal or alarm bits.
!
!IF .flags[v_alarm]
!THEN bits = nsa$gr_alarmvec
!ELSE bits = nsa$gr_journvec;
bits = nsa$gr_alarmvec;

!
! Step through the vector in SYSCOMMON and enable bits.
!
INCR i FROM 0 TO nsa$k_evt_length-1 DO
    bits[.i] = (.bits[.i] OR .enab[.i]) AND NOT .disab[.i];

RETURN;
END;


001C 00000 SET_BITS: 


‘ Soye R2,R3,R4 3: 0472 

gt 02 ADDL3 #40, MASK, R > 0494 

; ROVAB NSASGR_ALARMVEC, BITS ; 9305 
BR 10 1$: MOVZBL fice 181. R2 ; 
9a 00014 MOVZBL @MASK(1}, R4 : 
8 00019 BISL2 R4 ; 
B 0001C BICBS (ISCR3, R2, (1)CBITSI F 


!ROUTINE start_journal (chan) =
!BEGIN
!++
! Attempt to assign a channel to the journal.
!
! Inputs:
!       chan - address of word to store channel number
!
! Outputs:
!       chan - will be filled in.
!--
!MAP
!    chan : REF VECTOR[,WORD];
!
!RETURN $ASSJNL(CHAN = chan[0],                         ! Try to assign a channel,
!               JNLTYP = dt$_atjnl,                     ! perhaps causing the journal
!               ACMODE = UPLIT BYTE(jsb$c_exec),        ! to get started on the
!               JNLNAM = %ASCID 'SECURITY');            ! system.
!END;


!ROUTINE create_journal (chan, disk) =
!BEGIN
!++
! Try to create a journal.
!
! Inputs:
!       chan - address of word, where to put channel number
!       disk - address of descriptor for device to journal to
!
! Outputs:
!       chan - will be filled in.
!--
!MAP
!    chan : REF VECTOR[,WORD],
!    disk : REF $BBLOCK;



OCAL 
‘ gov see. list : ait tae 
: data : “$BBLOCK 


sb$c length); 


! Set up the list of descriptors pointing to the device(s) on which the
! journal file resides.


1IF .disk€dsc$w_length) NEQ 0 ! If there's a valid 
io device specified by the 
i Soles -tistC0l = iskEdsc$w_ Length); i and address to DEVICE_CIST. 
device. ListCt kCdsc$a_pointerd; 

ig ! Otherwise, use 
$ BEGI ' SYSSSYSDEVICE. 
' Se ol ~{ ist hod = ZCHARCOU aC SY sssvepevice 

i device-listCt) = UPLIT BYTE CSYSSSYSDEVICE’S; 

idevice listl2) = 0; ! Zero-terminate the list 



i Set up the Journal Se Block, which contains all the 


user, transfer the length 

4 

: 

; information about the journal to be opened/created. 
| 

H 'CHSFILL(O, opte ca tength. dat Gose?; : Initialize 

5 ‘dataljsb$w_jnin HARCOUNT (° SECURITY"); 5 vgurnes name is 8 bytes, 
5 'dataljsb$l_ alnen = ult BYTEC*SECURITY'); in SECURITY’ 

5 ‘dataljsb$b_jnityp sb$c_at; ; AT nal 

59 ‘dataljsb$b_jnidev sb$c_disk; } Aout 2 “disk P 

38 'dataLisb miit 2 mate dt _tecord buf; ' and con te 

a7 'dataljsb$w_filext 1 ! extend s 

595 

596 


: ; ' this to sto | 
igatatyapserscocd’> xBizoiriorii001 100"; i go everything ftom FREE cay | 


o 
o 
16-Sep-1984 00:41:27 VAX-11 Bliss-32 V4.0-74
14-Sep-1984 12:08:59 [CLIUTL.SRC]SETAUDIT.B32;1


igatat isbst. wuic) = tt 10004"; -” Owner = 61,4) 
;data sb$i_flags) = oft }sbSa known nown journal ane create a 


i cif; ! journai ‘ite if not ther 
‘data jsbsb. copies) : ! On L= one copy a the file 
'dataljsb$l yon teen BA, = dete List; ! Disk names here 


'RETURN SCREJNL (CHAN y) type ! Give it a try. 
' FLAGS ‘ad 


= cjif$m_r 
ACMODE = UPLIT “BYTE Lj sb$c_ exec), 
JSB = data); 


!ROUTINE new_version (chan, disk) =
!BEGIN
!++
! Create a new version of the journal file.
!
! Inputs:
!       chan - address of channel to use
!       disk - address of device descriptor, telling what device to
!              locate the new file.
!--
!MAP
!    chan : REF VECTOR[,WORD],
!    disk : REF $BBLOCK;
!
!LOCAL
!    item_list : VECTOR[12],
!    curdev_len,
!    curdev : VECTOR[10];

!
! Get the current device name.
!
!BEGIN
!LOCAL
!    status,                                    ! Declare these here,
!    list : $ITMLST_DECL(ITEMS = 1);            ! because they're temporary.
!$ITMLST_INIT(ITMLST = list,                    ! Set up this list,
!       (ITMCOD = cji$_fildsknam,               ! want device name
!        BUFADR = curdev,                       ! store it here,
!        BUFSIZ = %ALLOCATION(curdev),          ! up to this big,
!        RETLEN = curdev_len));                 ! actual size returned here.
!IF NOT (status = $GETCJI(ITMLST = list,        ! Do it.
!                         CHAN = .chan[0]))     ! If a problem,
!THEN RETURN .status;                           ! stop now.
!END;

!
! The $CRENWV service takes as its argument a list of itemlist addresses.
! Set that up now.
!
!item_list[0] = item_list[2];                   ! Point to "real" itemlist
!item_list[1] = 0;                              ! Zero-terminate.



! Length of the item; the secene peered, omae oy: the address of the item. 
! This list must be zero-terminated.  In all cases, we want to list
! the current device name, and the "close this file" flag.

!item_list[2] = (cnv$_flags*16) OR 4;                   ! Flags are a longword
!item_list[3] = UPLIT (cnv$m_close);                    ! and say "close the file"
!item_list[4] = (cnv$_curdevnam*16) OR .curdev_len;     ! Current devname
!item_list[5] = curdev;

! If the user wants the journal file on a different device, then put that
! in the list, followed by the zero terminator.

!IF .disk[dsc$w_length] NEQ 0                           ! If to a different disk,
!THEN                                                   ! put that item in.
!    BEGIN
!    item_list[6] = (cnv$_newdevnam*16) OR .disk[dsc$w_length];
!    item_list[7] = .disk[dsc$a_pointer];
!    item_list[8] = 0;
!    END

! Otherwise, simply zero-terminate the list.
!ELSE item_list[6] = 0;

!RETURN $CRENWV(CHAN = .chan[0],                        ! Do it.
!               LSTADR = item_list);

PSECT SUMMARY

Name      Bytes   Attributes
$PLIT$    33      NOVEC,NOWRT, RD ,NOEXE,NOSHR, LCL, REL, CON,NOPIC,ALIGN(2)
          92      NOVEC, WRT, RD ,NOEXE,NOSHR, LCL, REL, CON,NOPIC,ALIGN(2)
$CODE$    492     NOVEC,NOWRT, RD , EXE,NOSHR, LCL, REL, CON,NOPIC,ALIGN(2)

Library Statistics

                                  -------- Symbols --------   Pages    Processing
File                              Total   Loaded   Percent    Mapped   Time
.$255$D0UA28:[SYSLIB]LIB.L32;1    18619   33       0          1000     00:01.8

Size: 492 code + 784 data bytes
Run 06:1 4
Elapsed Time: 249.9
Lines/CPU Min: 2723
Lexemes/CPU-Min: 14758

.EXTRN LIB$SIGNAL
BLISS/CHECK=(FIELD,INITIAL,OPTIMIZE)/LIS=LIS$:SETAUDIT/OBJ=OBJ$:SETAUDIT MSRC$:SETAUDIT/UPDATE=(ENH$:SETAUDIT)

Memory Used: 160 pages